Dynamic Attack Detection in Cyber-Physical Systems
with Side Initial State Information 

Yuan Chen, Soummya Kar, and Jose M. F. Moura 

Abstract—This paper studies the impact of side initial state information on the detectability of data deception attacks against cyber-physical systems. We assume the attack detector has access to a linear function of the initial system state that cannot be altered by an attacker. First, we provide a necessary and sufficient condition for an attack to be undetectable by any dynamic attack detector under each specific side information pattern. Second, we characterize attacks that can be sustained for arbitrarily long periods without being detected. Third, we define the zero state inducing attack, the only type of attack that remains dynamically undetectable regardless of the side initial state information available to the attack detector. Finally, we design a dynamic attack detector that detects detectable attacks.

I. Introduction 

Cyber-physical systems (CPS) monitor and regulate many critical large-scale infrastructures such as the power grid and water distribution systems. Events such as the Maroochy Shire Council Sewage control incident and the Stuxnet malware attack have brought increased awareness to the issue of securing large scale systems [1], [2]. Smaller applications such as robotic platforms and the modern commercial automobile [3] are also equipped with intercommunicating sensor, computation, and actuator components for a variety of control tasks and can fall suspect to cyber attack. A malicious attacker can hijack the communication channels between the sensor, computation, and actuator components, modify the data values sent between components, and manipulate the system’s behavior [4].

To ensure proper operation of CPS, it is necessary to design and implement security measures against attacks. One important aspect of security is attack detection that allows the system to take corrective actions and mitigate damaging behavior. Static attack detectors check the consistency of the system output at a single time step [5], [6], but are unable to detect any attacks on the actuators since they do not consider system dynamics [7]. Reference [7] describes dynamic attack detectors that use the system dynamics, sensing topology, and the history of actuator inputs and sensor outputs to determine whether or not a data deception attack has occurred in a given time window. There are certain attacks, called stealthy or undetectable attacks, that no dynamic detector can detect. Stealthy dynamic attacks change the system output in such a way that the output of the system could arise from the system when it is not under attack [7].

There are several methods to implement attack detection. In [8] and [9], the authors analyze dynamic attacks that go undetected by detectors of bad data (e.g., data resulting from sensor failures) for dynamical systems with process and sensor noise. References [10] and [11] provide algorithms to both detect and reconstruct the dynamic attack. The authors of [12] use sparse optimization techniques to detect and identify deception attacks in electric power systems. Our previous work [13] uses geometric control techniques to analyze the limitations of detecting sparse sensor attacks. A different class of attack detectors, known as active attack detectors, determine the presence of a deception attack by randomly perturbing the system’s input and measuring the output [14]. Reference [15] surveys fault detection techniques in dynamic systems that are related to attack detection in CPS. While previous work in attack detection [4], [7], HI, il, El focuses on detectability of attacks, this note precisely clarifies how attack detector performance is sensitive to available information (specifically initial state information) and time horizons.

We present four main contributions. First, we derive a necessary 
and sufficient condition for an attack to be undetectable when the 
detector has side initial state information given by an uncorrupted 
linear function of the initial system state. When the detector has initial 
state information, an attack is undetectable if and only if it induces a 
state in the intersection of the system’s weakly unobservable subspace 
and the null space of the side information matrix. Second, we show 
that an undetectable attack can be maintained if and only if the sum of 
the change in state produced by the attack and the zero input evolution 
of the state induced by the attack belong to the system’s weakly 
unobservable subspace. An attack that is undetectable to a certain 
time point may become detectable at a future time as the detector 
obtains new sensor measurements. Undetectable attacks that can be 
maintained indefinitely are a greater security concern than attacks 
that become detectable after a finite time period. Third, we introduce 
the zero state inducing attack that is undetectable regardless of the 
detector’s initial state information. We show that such an attack exists 
if and only if the intersection of the system’s output-nulling reachable 
subspace over one time-step and its weakly unobservable subspace 
is nonzero. While access to initial state information improves the 
performance of attack detectors, it is practically important to identify 
the existence of attacks that are undetectable regardless of the 
detector’s initial state information. Finally, we design a dynamic 
attack detector that uses side initial state information, has no false 
alarms, and only misses undetectable attacks. 

The rest of this note is organized as follows. In Section II, we specify the system and attack model, review attack detection, introduce side information, and formally state the problem. Section III contains our main technical contributions. Section IV gives the proofs of our main results, Section V provides a numerical example illustrating the performance of detectors with side information, and we conclude in Section VI.

II. Background 

A. System Model 

The cyber-physical system is modeled by

$$x(k+1) = Ax(k) + Bu(k) + Ba(k),$$
$$y(k) = Cx(k) + Du(k) + Da(k),$$

where $x \in \mathbb{R}^n$ is the system state, y ∈ R^ is the system output, $k \in \mathbb{Z}$ is the time index, $u \in \mathbb{R}^m$ is the known input, and a(k) ∈ R® is the unknown attack. Since the input $u(k)$ is known, its contribution to the output $y(k)$ is also known, and therefore, $u(k)$ can be ignored. Thus, for the remainder of the paper, unless otherwise stated, we consider the case of $u(k) = 0$, $\forall k = 0, 1, \ldots$, without loss of generality. Accordingly, we modify the system model to be

$$x(k+1) = Ax(k) + Ba(k),$$
$$y(k) = Cx(k) + Da(k). \tag{2}$$

The matrices $B$ and $D$ describe the capabilities of the attacker. We provide details on the attacker in Section II-C. We use the notation $\Sigma = (A, B, C, D)$ to represent the system¹ in equation (2). Throughout, we make the following assumption.

Assumption 1. The pair $(A, C)$ is observable.

Equation (2) with Assumption 1 is a standard model used in the cyber-physical security literature, e.g., [7], d.

We consider the following sequences: the output sequence (or system output trajectory)

$$Y(T) = \begin{bmatrix} y(0)^\top & y(1)^\top & \cdots & y(T)^\top \end{bmatrix}^\top, \tag{3}$$

and the unknown attack sequence

$$E(T) = \begin{bmatrix} a(0)^\top & a(1)^\top & \cdots & a(T)^\top \end{bmatrix}^\top, \tag{4}$$

with $T > n - 1$. An attack occurs when $E(T) \neq 0$. The output trajectory for the deterministic system (2) is

$$Y(T) = \mathcal{O}_T x(0) + \mathcal{M}_T E(T), \tag{5}$$

where $x(0)$ is the system’s initial state, $\mathcal{O}_T$ is the extended observability matrix.

where U = T — i. In our results, we will also work with the extended controllability matrix $\mathcal{C}_T$:

$$\mathcal{C}_T = \begin{bmatrix} A^{T}B & A^{T-1}B & \cdots & B \end{bmatrix}. \tag{8}$$

The change in state produced by an attack $E(T)$ is $\mathcal{C}_T E(T)$.

We now consider side initial state information. The detector knows the side initial state information

$$y_\Omega = \Omega x(0), \tag{9}$$

where $y_\Omega$ ∈ R' and $\Omega$ ∈ R®^". We call $\Omega$ the side information matrix. The matrix $\Omega$ having full column rank corresponds to the case in which $y_\Omega$ gives full information about $x(0)$, i.e., assuming that we know $\Omega$, we can exactly determine $x(0)$ from $y_\Omega$ when $\Omega$ is full rank. The matrix $\Omega$ being the zero matrix corresponds to the case in which $y_\Omega$ gives no information about $x(0)$.

The side information $y_\Omega$ captures knowledge of the initial state $x(0)$ from the physical description of the system. For example, consider a remotely controlled vehicle whose state consists of its position and velocity. At $t = 0$ the initial velocity is known to be 0, since, by definition, the system was not running before $t = 0$. We consider the initial position to be unknown since the vehicle is remotely controlled. We emphasize that the side information $y_\Omega$ does not rely on sensor measurements. For this reason, the attacker cannot modify the side information $y_\Omega$.

¹The term “system” refers to the cyber-physical system and attacker collectively. The cyber-physical system gives the $A$ and $C$ matrices of $\Sigma$, while the attacker gives the $B$ and $D$ matrices of $\Sigma$.

B. Extended System Subspaces

Throughout this note, we use properties of the system’s extended observability and reachability subspaces (defined in GD and fH) to derive our results. We review their definitions here.

Definition 1 (Weakly Unobservable Subspace $\mathcal{V}(\Sigma)$ [17]). The weakly unobservable subspace of a system $\Sigma$, $\mathcal{V}(\Sigma)$, is the subspace of all $x \in \mathbb{R}^n$ such that, for a system with initial condition $x(0) = x$, there exists an input sequence $E(n-1)$ so that the output trajectory is $Y(n-1) = 0$.

A state $x(0)$ belongs to the weakly unobservable subspace of $\Sigma$ if and only if there exists an input sequence $E(T)$ such that [17], [18]

$$\mathcal{M}_T E(T) + \mathcal{O}_T x(0) = 0 \quad \text{for any } T = 0, 1, 2, \ldots$$

References d, Cll, EH, [20] present approaches to calculate a basis for $\mathcal{V}(\Sigma)$.

Another extended system subspace of interest is the output-nulling reachable subspace over $k$ steps.

Definition 2 (Output-nulling Reachable Subspace $\mathcal{W}_k$ [18]). The output-nulling reachable subspace over $k$ steps, $\mathcal{W}_k$, is the subspace of all states $x \in \mathbb{R}^n$ such that there exists an input (attack) sequence $E(k-1)$ that brings the system from $x(0) = 0$ to $x(k) = x$ while producing the output sequence $Y(k-1) = 0$.

The output-nulling reachable subspace over $k$ steps is the subspace of all states $x \in \mathbb{R}^n$ for which there exists $E(k-1)$ ∈ R®*’ such that $\mathcal{C}_{k-1}E(k-1) = x$ and $\mathcal{M}_{k-1}E(k-1) = 0$.

C. Dynamic Attack Detection: Preliminaries

A dynamic attack detector, $\psi$, examines the system output $Y(T)$ and side initial state information $y_\Omega$ to determine whether or not an attack has occurred:

fj : X R"^ ^ {Attack, No Attack} , (10)

where “Attack” means that an attack has occurred. We make the following assumptions.

Assumption 2. The detector $\psi$ knows the matrices $A$ and $C$ in a priori. The detector $\psi$ does not know the matrices $B$ and $D$ in a priori. The detector $\psi$ a priori does not know $x(0)$ but knows the matrix $\Omega$ in


If we do not impose further restrictions on the detector, then, trivially, we can consider a detector $\psi$ that maps any input to the “Attack” output. For this particular detector, every attack is detectable, but clearly this is not interesting. We restrict our focus to consistent attack detectors.

Definition 3 (Consistent Attack Detector (D). An attack detector $\psi$ is consistent if $\psi(\mathcal{O}_T\theta, \Omega\theta) = \text{No Attack}$ for all $\theta \in \mathbb{R}^n$.

Consistency is a desired property of attack detectors: consistent attack detectors do not produce false alarms. Another desired property of attack detectors is soundness.

Definition 4 (Sound Attack Detector). A consistent attack detector $\psi$ is sound if, whenever $\psi(Y(T), y_\Omega) = \text{No Attack}$ for some $Y(T)$ and $y_\Omega$, any other consistent detector also returns No Attack for the same $Y(T)$ and $y_\Omega$.

A sound consistent detector is one that detects all possible attacks without violating the consistency property.

We now provide assumptions on the attacker. 
Assumption 3. The matrix $\begin{bmatrix} B \\ D \end{bmatrix}$ is injective.²

Assumption 4. The attacker knows the matrices $A$, $B$, $C$, $D$ and $\Omega$ and the system initial state $x(0)$ a priori.

Assumption 5. The attacker cannot modify $y_\Omega$.


Let $E(T)$ be an attack, let $Y(T)$ be the output of the system $\Sigma$ under attack $E(T)$, and let $y_\Omega$ be the side initial state information. Considering only consistent detectors, we define undetectable attacks as follows:

Definition 5 (Undetectable Attack). An attack $E(T)$ is undetectable if, for every consistent detector $\psi$ and any $x(0) \in \mathbb{R}^n$, $\psi(Y(T), y_\Omega) = \text{No Attack}$, where $Y(T) = \mathcal{O}_T x(0) + \mathcal{M}_T E(T)$.

A detectable attack is any attack that is not undetectable. We partition the set of all possible attacks (including $E(T) = 0$), into a set of undetectable attacks and a set of detectable attacks.

Definition 6 (Set of Undetectable Attacks $\mathcal{U}^{\Omega,T}$). The set $\mathcal{U}^{\Omega,T}$ is the union of the set of all attacks $E(T)$ ∈ such that $E(T)$ is undetectable and the set that only contains $E(T) = 0$.

When the system is not under attack (i.e., $E(T) = 0$), consistent detectors report “No Attack”, so $0 \in \mathcal{U}^{\Omega,T}$.

Define an extension of an attack as follows: 


Definition 7 (Extension of an Attack). An extension of $E(T)$, $E(T) \neq 0$, is an attack of the form

$$E(T') = \begin{bmatrix} E(T)^\top & a(T+1)^\top & \cdots & a(T')^\top \end{bmatrix}^\top, \tag{11}$$

for $T' > T$.

The attack sequence $a(T+1), \ldots, a(T')$ is allowed to be the zero sequence. We provide a necessary and sufficient condition for which an undetectable attack $E(T)$ has undetectable extensions $E(T')$ for all $T' > T$ so that the attack sequence never becomes detectable (even as the attack detector obtains new sensor measurements at each time step). If $E(T)$ does not have an undetectable extension for all times $T' > T$, then, at some time $T' > T$, regardless of the attack sequence $a(T+1), \ldots, a(T')$, $E(T')$ is detectable.

Reference [7] provides a necessary and sufficient condition for an attack sequence $E(T)$ to be undetectable when $\Omega = 0$.

Lemma 1 ([7]). The attack $E(T)$ is undetectable if and only if

$$\mathcal{O}_T x(0) + \mathcal{M}_T E(T) = \mathcal{O}_T x'(0)$$

for some initial states $x(0), x'(0) \in \mathbb{R}^n$.

One particular form of attack that is undetectable against systems 
with no side initial state information is known as the zero dynamics 
attack. 


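Definition 8 (Zero Dynamics Attack [7]). A zero dynamics attack is an attack $E(T) = \begin{bmatrix} a(0)^\top & \cdots & a(T)^\top \end{bmatrix}^\top$ with

$$a(k) = \lambda^k g, \tag{12}$$

where $g \neq 0$ and $\lambda \in \mathbb{C}$ satisfy

$$\begin{bmatrix} \lambda I - A & -B \\ C & D \end{bmatrix} \begin{bmatrix} \theta \\ g \end{bmatrix} = 0. \tag{13}$$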


A zero dynamics attack exists if and only if there exists $\lambda \in \mathbb{C}$ for which there is a nonzero solution to (13) [7], 0. Since, by Assumption 3, the matrix $\begin{bmatrix} B^\top & D^\top \end{bmatrix}^\top$ is injective, and $g \neq 0$, we have that $\theta \neq 0$. By construction, a zero dynamics attack satisfies

$$\mathcal{M}_T E(T) + \mathcal{O}_T \theta = 0.$$

Therefore, a zero dynamics attack satisfies the condition given in Lemma 1, where $\theta = x(0) - x'(0)$. We consider $T > n - 1$, so $\mathcal{O}_T$ is injective since $(A, C)$ is observable. Since $\theta \neq 0$, a zero dynamics attack produces a nonzero change to the output of the system. Zero dynamics attacks are also related to malicious attacks against distributed function calculation HID.

²If this matrix is not injective, we can remove the redundant columns to construct an injective matrix. In doing so, we do not change the capabilities of the attacker. Thus, this assumption is made without loss of generality.

We introduce the zero state inducing attack: 

Definition 9 (Zero State Inducing Attack). An attack sequence $E(T)$ is called a zero state inducing attack if it satisfies $\mathcal{M}_T E(T) = 0$.

The name zero-state inducing attack refers to the property that such an attack does not change the system sensor output, i.e., the change in output is equal to the response of the system when its initial state is $x(0) = 0$. We show that the zero state inducing attack is undetectable regardless of the detector’s side information matrix $\Omega$. It is the only type of attack to remain undetectable even if $\Omega$ is full rank.


D. Problem Statement 

Consider a system $\Sigma = (A, B, C, D)$ over a time interval $0, 1, \ldots, T$, $T > n - 1$, with initial state $x(0)$ and side initial state information $y_\Omega = \Omega x(0)$. We consider the following four main problems: 1) find the set of all undetectable attacks, $\mathcal{U}^{\Omega,T}$; 2) determine which attacks $E(T) \in \mathcal{U}^{\Omega,T}$ have undetectable extensions up to any time $T' > T$; 3) determine if there exists an arbitrarily long zero state inducing attack against $\Sigma$; and 4) design a consistent detector that uses side information and detects all detectable attacks.

III. Main Results 

A. Initial State Information and Undetectable Attacks 

First, we find a necessary and sufficient condition for an attack to be undetectable, when the attack detector has side initial state information $y_\Omega$. Let $\mathcal{N}(\Omega)$ be the null space of $\Omega$.

Theorem 1 (Undetectable Attacks with Side Initial State Information). An attack $E(T)$ is undetectable ($E(T) \in \mathcal{U}^{\Omega,T}$) if and only if there exists $\theta \in \mathcal{N}(\Omega) \cap \mathcal{V}(\Sigma)$ for which $\mathcal{M}_T E(T) = -\mathcal{O}_T \theta$.

Theorem 1 states that an attack $E(T)$ is undetectable over the time interval $0, \ldots, T$ if and only if the output contributed by the attack (i.e., $\mathcal{M}_T E(T)$) equals the negative of the output of the system operating without attack from an initial state $\theta$, where $\theta$ belongs to the intersection of the system’s weakly unobservable subspace, $\mathcal{V}(\Sigma)$, and the null space of the side information matrix, $\mathcal{N}(\Omega)$. We call $\theta$ the state induced by the attack. If $\mathcal{N}(\Omega)$ has dimension strictly less than $n$ (i.e., if the side initial state information is non-trivial), then, by using the side initial state information $y_\Omega$, an attack detector may be able to detect attacks that would otherwise be undetectable (in the absence of side information).

Theorem 1 is valid for any side information matrix $\Omega$.

Corollary 1 (No Initial State Information: $\Omega = 0$). An attack $E(T)$ is undetectable if and only if $\mathcal{M}_T E(T) = -\mathcal{O}_T \theta$ for some $\theta \in \mathcal{V}(\Sigma)$ when $\Omega = 0$.

By construction, a zero dynamics attack $E(T)$ satisfies $\mathcal{M}_T E(T) + \mathcal{O}_T \theta = 0$, where $\theta \neq 0$ and $g \neq 0$ (which is used to define $E(T)$) is a solution to equation (13). There may be other undetectable attacks aside from zero dynamics attacks when $\Omega = 0$.

Corollary 2 (Full Initial State Information: $\Omega$ has full column rank). An attack $E(T)$ is undetectable if and only if $\mathcal{M}_T E(T) = 0$ when $\Omega$ has full column rank.

According to Corollary 2, the only type of attack that is undetectable when the initial state is completely known to the detector is the zero state inducing attack. Figure 1 illustrates the results of Theorem 1 and its corollaries. Undetectable attacks presented in the literature [7], Qol, CD rely on the fact that the initial state is unknown to the detector in order to be stealthy. As Theorem 1 and Figure 1 show, however, even when the detector knows the initial state completely, there may still be undetectable attacks. For the special case of $\Omega = 0$, Theorem 1 is consistent with the results presented in [7].


[Figure 1, three panels: (a) $\Omega = 0$; (b) $\Omega \neq 0$, $\Omega$ is not full rank; (c) $\Omega$ is full rank.]

Fig. 1: The set of all undetectable attacks depends on the side initial state information available to the attack detector. ZS and ZD are the set of all zero state inducing attacks and the set of all zero dynamics attacks, respectively.

B. Extensions of Undetectable Attacks

Second, we provide a necessary and sufficient condition for an undetectable attack $E(T)$ (with $T > n - 1$) to have an undetectable extension $E(T')$. Consider an attack $E(T) \in \mathcal{U}^{\Omega,T}$, $E(T) \neq 0$.

Theorem 2 (Extensions of Undetectable Attacks). There exists an undetectable extension $E(T')$ of $E(T)$ for all $T' > T$ if and only if $\left(\mathcal{C}_T E(T) + A^{T+1}\theta\right) \in \mathcal{V}(\Sigma)$, where $\theta$ satisfies $\mathcal{M}_T E(T) = -\mathcal{O}_T \theta$ and $\theta \in \mathcal{N}(\Omega) \cap \mathcal{V}(\Sigma)$.

Theorem 2 states that an undetectable attack $E(T)$ has an undetectable extension $E(T')$ for any $T' > T$ if and only if the sum of the change in state produced by the attack ($\mathcal{C}_T E(T)$) and the zero-input state response of the state induced by the attack ($A^{T+1}\theta$) belongs to the system’s weakly unobservable subspace ($\mathcal{V}(\Sigma)$). If an attack $E(T)$ satisfies the conditions given in Theorem 2, then for any time $T' > T$, there exists a particular sequence of attacks $a(T+1), \ldots, a(T')$ such that $E(T')$ is undetectable at time $T'$. Conversely, if an attack $E(T)$ does not satisfy the above condition, then at some time $T' > T$, all extensions $E(T')$ of $E(T)$ are detectable. In this case, all extensions $E(T')$ are detectable by time $T'$ because the detector obtains sensor measurements $y(T+1), \ldots, y(T'+1)$ (even though $E(T)$ was undetectable).

C. Zero State Inducing Attack

Third, we provide a necessary and sufficient condition for the existence of a zero state inducing attack that can be maintained for an arbitrarily long time. We restrict our focus to zero state inducing attacks that begin at time 0. This is to prevent trivial lengthening by appending a fixed length zero state inducing attack $E(T)$ to a zero vector.³

Theorem 3 (Arbitrarily Long Zero State Inducing Attacks). There exists an attack $E(T)$ against the system $\Sigma$ that begins at time 0 such that $\mathcal{M}_T E(T) = 0$ for any $T = 0, 1, \ldots$ if and only if $\mathcal{W}_1 \cap \mathcal{V}(\Sigma) \neq \{0\}$, where $\mathcal{W}_1$ is the output-nulling reachable subspace over one time step.

Theorem 3 states that there exists an arbitrarily long zero state inducing attack against a system $\Sigma$ if and only if the intersection of the system’s weakly unobservable subspace, $\mathcal{V}(\Sigma)$, and its output-nulling reachable subspace over one step, $\mathcal{W}_1$, is nonzero.


D. Attack Detection With Side Information

We design a consistent dynamic attack detector that detects all attacks $E(T)$ that do not belong to $\mathcal{U}^{\Omega,T}$. Our dynamic detector operates sequentially: at every time instant $k$ (with the exception of an initialization period), the detector collects new sensor outputs $y(k)$ and makes a decision on whether or not the system was attacked in the time period up to time $k$. Our detector only uses a finite window of sensor measurements in each time interval, which offers advantages in implementation over detectors that use the entire history of sensor measurements.

First, define $\bar{Y}(k)$ as the $l$-length window of sensor measurements ending at time $k$, where $k \geq l - 1$:

$$\bar{Y}(k) = \begin{bmatrix} y(k-l+1)^\top & y(k-l+2)^\top & \cdots & y(k)^\top \end{bmatrix}^\top. \tag{14}$$

The attack detector makes a decision at every time instant starting at $l - 1$. Second, define $\tilde{Y}(k)$, the input to the attack detector at time $k$, as follows:

$$\tilde{Y}(k) = \begin{cases} \begin{bmatrix} y_\Omega^\top & \bar{Y}(k)^\top \end{bmatrix}^\top, & k = l - 1 \\ \bar{Y}(k), & k = l, l + 1, \ldots \end{cases} \tag{15}$$

Third, define the orthogonal projection (operator) onto the range space of a matrix $\mathcal{K}$ (where $\mathcal{K}$ has full column rank) as

$$\Pi_{\mathcal{K}} := \mathcal{K}\left(\mathcal{K}^\top \mathcal{K}\right)^{-1}\mathcal{K}^\top. \tag{16}$$

We construct the detector $\psi$ as

$$\psi\left(\tilde{Y}(k)\right) = \begin{cases} \text{No Attack}, & \tilde{Y}(k) = \Pi_{\mathcal{K}(k)}\tilde{Y}(k) \\ \text{Attack}, & \text{otherwise} \end{cases} \tag{17}$$

where

$$\mathcal{K}(k) = \begin{cases} \begin{bmatrix} \Omega^\top & \mathcal{O}_{l-1}^\top \end{bmatrix}^\top, & k = l - 1 \\ \mathcal{O}_{l-1}, & k = l, l + 1, \ldots \end{cases} \tag{18}$$

The detector decides that no attack has occurred in the time interval $0, \ldots, T$ if $\psi(\tilde{Y}(l-1)) = \psi(\tilde{Y}(l)) = \cdots = \psi(\tilde{Y}(T)) = \text{No Attack}$.

³This is not a restriction on the definition of the zero state inducing attack. An attack $E(T)$ with nonzero first attack time can still be a zero state inducing attack if $\mathcal{M}_T E(T) = 0$.

Theorem 4 (Consistency and Soundness of $\psi$). For $l > n + 1$, where $n$ is the dimension of the system state space, $\psi(\tilde{Y}(l-1)) = \psi(\tilde{Y}(l)) = \cdots = \psi(\tilde{Y}(T)) = \text{No Attack}$ if and only if $Y(T) = \mathcal{O}_T x(0)$ and $y_\Omega = \Omega x(0)$ for some $x(0) \in \mathbb{R}^n$.

The detector $\psi$ is consistent and sound when the window length $l$ is sufficiently long. The novelty of our detector is its use of the available side information $y_\Omega$. Detectors that do not use side information (e.g., fault detectors such as those presented in [15]) may still detect some attacks, but, following Theorem 1, such detectors may not be sound. That is, there are certain attacks that are only detectable if the detector uses side information $y_\Omega$.
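
The windowed detector of equations (14)-(18), and the contrast between no side information, partial side information and full side information, as an added example that is not from the paper. It uses a constructed two-state vehicle (position, velocity) instead of the aircraft model, and checks membership in the range of K(k) with an exact rank test, which is equivalent to the projection test in (17); the matrices, attack sequences, window length l = 4 and all function names are assumptions made for this illustration.

```python
from fractions import Fraction

# Constructed toy system (assumption): state = (position, velocity),
# unit time step, a single position sensor. (A, C) is observable, n = 2.
A = [[1, 1], [0, 1]]
C = [[1, 0]]
# Constructed attacker (assumption): a1 pushes the velocity, a2 adds to the
# sensor reading. The stacked matrix [B; D] is injective.
B = [[0, 0], [1, 0]]
D = [[0, 1]]

def mat_vec(M, v):
    return [sum(m * x for m, x in zip(row, v)) for row in M]

def mat_mul(M, N):
    cols = list(zip(*N))
    return [[sum(a * b for a, b in zip(row, col)) for col in cols] for row in M]

def rank(M):
    """Rank by exact Gaussian elimination over the rationals."""
    rows = [[Fraction(x) for x in row] for row in M]
    r = 0
    for c in range(len(rows[0])):
        piv = next((i for i in range(r, len(rows)) if rows[i][c] != 0), None)
        if piv is None:
            continue
        rows[r], rows[piv] = rows[piv], rows[r]
        for i in range(len(rows)):
            if i != r and rows[i][c] != 0:
                f = rows[i][c] / rows[r][c]
                rows[i] = [a - f * b for a, b in zip(rows[i], rows[r])]
        r += 1
        if r == len(rows):
            break
    return r

def in_range(K, v):
    """True iff v = K x for some x, i.e. v equals its projection onto range(K)."""
    return rank([row + [x] for row, x in zip(K, v)]) == rank(K)

def observability(A, C, blocks):
    """Stack C, CA, ..., CA^(blocks-1); blocks = l gives O_{l-1}."""
    out, P = [], [row[:] for row in C]
    for _ in range(blocks):
        out.extend(P)
        P = mat_mul(P, A)
    return out

def simulate(A, B, C, D, x0, attack):
    """Run x(k+1) = Ax(k) + Ba(k), y(k) = Cx(k) + Da(k); return (outputs, final state)."""
    x, Y = list(x0), []
    for a in attack:
        Y.append([c + d for c, d in zip(mat_vec(C, x), mat_vec(D, a))])
        x = [p + q for p, q in zip(mat_vec(A, x), mat_vec(B, a))]
    return Y, x

def detect(A, C, Omega, y_omega, Y, l):
    """Windowed detector: time of the first 'Attack' decision, or None."""
    O = observability(A, C, l)
    for k in range(l - 1, len(Y)):
        window = [v for y in Y[k - l + 1:k + 1] for v in y]
        if k == l - 1:   # first decision: side information stacked on the window
            ok = in_range(Omega + O, list(y_omega) + window)
        else:            # later decisions: window only
            ok = in_range(O, window)
        if not ok:
            return k
    return None

def run_scenarios(l=4, steps=7):
    x0 = [5, 0]  # true initial state; the velocity is known to be 0 at k = 0
    # Sensor spoof with M_T E = -O_T theta, theta = (0, 1): fakes a velocity of -1.
    spoof = [[0, -k] for k in range(steps)]
    # Zero state inducing attack, M_T E = 0: a velocity push hidden by the sensor offset.
    zsi = [[1, 0]] + [[0, -(k - 1)] for k in range(1, steps)]
    no_info = ([[0, 0]], [0])        # Omega = 0
    velocity = ([[0, 1]], [x0[1]])   # Omega = [0 1]
    full = ([[1, 0], [0, 1]], x0)    # Omega = I (full column rank)
    Y_spoof, _ = simulate(A, B, C, D, x0, spoof)
    Y_zsi, x_zsi = simulate(A, B, C, D, x0, zsi)
    _, x_clean = simulate(A, B, C, D, x0, [[0, 0]] * steps)
    return {
        "spoof_no_info": detect(A, C, *no_info, Y_spoof, l),
        "spoof_velocity_known": detect(A, C, *velocity, Y_spoof, l),
        "zsi_full_info": detect(A, C, *full, Y_zsi, l),
        "zsi_state_shift": [a - b for a, b in zip(x_zsi, x_clean)],
    }
```

In this constructed case the spoof induces a state outside the null space of Ω = [0 1], so the detector that knows the initial velocity flags it at its first decision, while the zero state inducing attack moves the true state without ever changing the output and passes even with Ω = I.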

IV. Proof of Main Results 
A. Proof of Theorem 1

First, we provide an intermediate result by modifying Lemma 1 to account for attack detectors with side information $y_\Omega$. Consider a system $\Sigma = (A, B, C, D)$ equipped with an attack detector that has side information matrix $\Omega$.

Lemma 2. An attack $E(T)$ against the system $\Sigma$ is undetectable if and only if $\mathcal{M}_T E(T) + \mathcal{O}_T x(0) = \mathcal{O}_T x'(0)$ and $\Omega x(0) = \Omega x'(0)$ for some initial states $x(0), x'(0) \in \mathbb{R}^n$.

We use the above Lemma to prove Theorem 1.

Proof (Theorem 1): (If) Let $x(0)$ be the initial state of the system. Let $E(T)$ be an attack such that $\mathcal{M}_T E(T) = -\mathcal{O}_T \theta$ for $\theta \in \mathcal{N}(\Omega) \cap \mathcal{V}(\Sigma)$. Let $x'(0) = x(0) - \theta$. Then $\mathcal{M}_T E(T) + \mathcal{O}_T x(0) = \mathcal{O}_T x'(0)$. In addition, since $\theta \in \mathcal{N}(\Omega)$, $\Omega x'(0) = \Omega\left(x(0) - \theta\right) = \Omega x(0)$. Thus, for any $x(0)$, there exists $x'(0)$ such that $\mathcal{M}_T E(T) + \mathcal{O}_T x(0) = \mathcal{O}_T x'(0)$ and $\Omega x(0) = \Omega x'(0)$, which means, by Lemma 2, $E(T)$ is an undetectable attack. Thus, $E(T) \in \mathcal{U}^{\Omega,T}$.

(Only If) Let $x(0)$ be the initial state of the system. Let $E(T) \in \mathcal{U}^{\Omega,T}$. By Lemma 2, there exists $x'(0) \in \mathbb{R}^n$ such that $\mathcal{M}_T E(T) + \mathcal{O}_T x(0) = \mathcal{O}_T x'(0)$ and $\Omega x(0) = \Omega x'(0)$. Let $\theta = x(0) - x'(0)$. Substituting for $\theta$ we have that $\mathcal{M}_T E(T) = -\mathcal{O}_T \theta$ and $\Omega\theta = 0$. Thus, $\mathcal{M}_T E(T) = -\mathcal{O}_T \theta$ for $\theta \in \mathcal{N}(\Omega) \cap \mathcal{V}(\Sigma)$. ■


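B. Proof of Theorem 2

Proof: (Only If) We show that if there exists an undetectable extension $E(T')$ for all $T' > T$, then, necessarily, $\left(\mathcal{C}_T E(T) + A^{T+1}\theta\right) \in \mathcal{V}(\Sigma)$. Let

$$E(T') = \begin{bmatrix} E(T)^\top & a(T+1)^\top & \cdots & a(T')^\top \end{bmatrix}^\top$$

be an undetectable extension of $E(T)$. Since $E(T')$ is undetectable, then, by Theorem 1, it must satisfy $\mathcal{M}_{T'} E(T') + \mathcal{O}_{T'} \theta' = 0$ for some $\theta' \in \mathcal{N}(\Omega) \cap \mathcal{V}(\Sigma)$.

We first show that $\theta' = \theta$. We partition the matrix $\mathcal{M}_{T'}$ as follows:

$$\mathcal{M}_{T'} = \begin{bmatrix} \mathcal{M}_T & 0 \\ Q_{T'} & \mathcal{M}_{T'-T-1} \end{bmatrix}, \tag{19}$$

where $Q_{T'} = \mathcal{O}_{T'-T-1}\mathcal{C}_T$. Substituting for the partitioned versions of $\mathcal{M}_{T'}$ and partitioning $\mathcal{O}_{T'}$, we have

$$\begin{bmatrix} \mathcal{M}_T & 0 & \mathcal{O}_T \\ Q_{T'} & \mathcal{M}_{T'-T-1} & \mathcal{O}_{T'-T-1}A^{T+1} \end{bmatrix} \begin{bmatrix} E(T') \\ \theta' \end{bmatrix} = 0. \tag{20}$$

From the first block row of equation (20), we have $\mathcal{M}_T E(T) + \mathcal{O}_T \theta' = 0$, and, from the definition of $E(T)$, we have $\mathcal{M}_T E(T) + \mathcal{O}_T \theta = 0$. Thus, $\mathcal{O}_T \theta' = \mathcal{O}_T \theta$. Since $T > n - 1$ and $\Sigma$ is observable, $\mathcal{O}_T$ is injective, and $\theta' = \theta$.

Substituting $\theta = \theta'$, the second block row of equation (20) gives

$$\mathcal{O}_{T'-T-1}\left(\mathcal{C}_T E(T) + A^{T+1}\theta\right) + \mathcal{M}_{T'-T-1}\begin{bmatrix} a(T+1) \\ \vdots \\ a(T') \end{bmatrix} = 0. \tag{21}$$

Since there exists an undetectable extension $E(T')$ of $E(T)$ for all $T' > T$, equation (21) must be satisfied for all $T' > T$. In particular, equation (21) is true for $T' = T + n$, which shows that $\left(\mathcal{C}_T E(T) + A^{T+1}\theta\right) \in \mathcal{V}(\Sigma)$.

(If) If $\left(\mathcal{C}_T E(T) + A^{T+1}\theta\right) \in \mathcal{V}(\Sigma)$, then, for all $T' > T$, there exists an attack sequence $\begin{bmatrix} a(T+1)^\top & \cdots & a(T')^\top \end{bmatrix}^\top$ such that equation (21) is satisfied. For all $T' > T$, we construct $E(T')$ by appending $\begin{bmatrix} a(T+1)^\top & \cdots & a(T')^\top \end{bmatrix}^\top$ to $E(T)$. By definition of $E(T)$, we have $\mathcal{M}_T E(T) + \mathcal{O}_T \theta = 0$, where $\theta \in \mathcal{N}(\Omega) \cap \mathcal{V}(\Sigma)$. Combining this fact with equation (21), we see that $\begin{bmatrix} E(T')^\top & \theta'^\top \end{bmatrix}^\top$ satisfies equation (20) with $\theta' = \theta$. Thus, we have

$$\mathcal{M}_{T'} E(T') + \mathcal{O}_{T'} \theta = 0,$$

which shows that $E(T')$ is an undetectable extension of $E(T)$. ■
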

C. Proof of Theorem 3

Proof: (If) We construct a zero state inducing attack $E(T)$ that begins at time 0 against $\Sigma$ of arbitrary length $T$ under the condition that $\mathcal{W}_1 \cap \mathcal{V}(\Sigma) \neq \{0\}$. The initial state of the system $\Sigma$, $x(0)$, does not affect its extended observability and reachability subspaces, so, without loss of generality, let the system have initial state $x(0) = 0$. If $\mathcal{W}_1 \cap \mathcal{V}(\Sigma) \neq \{0\}$, there exists an attack $a(0) \neq 0$ such that $x(1) = Ba(0)$, $y(0) = Da(0) = 0$, and $x(1) \in \mathcal{V}(\Sigma)$. Since $x(1) \in \mathcal{V}(\Sigma)$, for any $T$, there exists a sequence of attacks $\begin{bmatrix} a(1)^\top & a(2)^\top & \cdots & a(T)^\top \end{bmatrix}^\top$ such that the output $\begin{bmatrix} y(1)^\top & y(2)^\top & \cdots & y(T)^\top \end{bmatrix}^\top$ is 0. Thus, for any $T$, there exists an attack $E(T) = \begin{bmatrix} a(0)^\top & a(1)^\top & \cdots & a(T)^\top \end{bmatrix}^\top$ with $a(0) \neq 0$ such that $\mathcal{M}_T E(T) = 0$.

(Only If) We show that if there exists a zero state inducing attack that begins at time 0 for any $T$ against the system $\Sigma$, then $\mathcal{W}_1 \cap \mathcal{V}(\Sigma) \neq \{0\}$. Such an attack exists for any $T$, so it exists for $T = n$. Let

$$E(n) = \begin{bmatrix} a(0)^\top & a(1)^\top & \cdots & a(n)^\top \end{bmatrix}^\top$$

be a zero state inducing attack with $a(0) \neq 0$. Since $E(n)$ induces the zero state, we have $\mathcal{M}_n E(n) = 0$, which implies that $Da(0) = 0$. Since $\begin{bmatrix} B^\top & D^\top \end{bmatrix}^\top$ is injective and $Da(0) = 0$, we have $x(1) = Ba(0) \neq 0$ and $x(1) \in \mathcal{W}_1$. The sequence

$$\begin{bmatrix} a(1)^\top & a(2)^\top & \cdots & a(n)^\top \end{bmatrix}^\top$$

is an input sequence over $n$ steps such that a system with state $x(1) = Ba(0)$ produces zero output over the time period $1, \ldots, n$. Since such an input sequence exists, $x(1) \in \mathcal{V}(\Sigma)$ and $x(1) \in \mathcal{W}_1 \cap \mathcal{V}(\Sigma)$. Since $x(1) \neq 0$, $\mathcal{W}_1 \cap \mathcal{V}(\Sigma) \neq \{0\}$. ■



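D. Proof of Theorem 4

Proof: (If) Let $Y(T) = \mathcal{O}_T x(0)$ and $y_\Omega = \Omega x(0)$ for some $x(0) \in \mathbb{R}^n$. Then, by construction of $\tilde{Y}(k)$,

$$\tilde{Y}(k) = \mathcal{K}(k)A^{k-l+1}x(0), \tag{22}$$

for all $k = l - 1, \ldots, T$, which means that

$$\Pi_{\mathcal{K}(k)}\tilde{Y}(k) = \tilde{Y}(k), \tag{23}$$

for all $k = l - 1, \ldots, T$. Thus,

$$\psi(\tilde{Y}(l-1)) = \psi(\tilde{Y}(l)) = \cdots = \psi(\tilde{Y}(T)) = \text{No Attack}.$$

(Only If) We resort to induction.

Base Case: In the base case, we show that if

$$\psi(\tilde{Y}(l-1)) = \psi(\tilde{Y}(l)) = \text{No Attack},$$

then $Y(l) = \mathcal{O}_l x(0)$ and $y_\Omega = \Omega x(0)$ for some $x(0) \in \mathbb{R}^n$. Since $\psi(\tilde{Y}(l-1)) = \text{No Attack}$, we have

$$\tilde{Y}(l-1) = \Pi_{\mathcal{K}(l-1)}\tilde{Y}(l-1), \tag{24}$$

which means that

$$\tilde{Y}(l-1) = \mathcal{K}(l-1)x(0) \tag{25}$$
$$= \begin{bmatrix} \Omega^\top & \mathcal{O}_{l-1}^\top \end{bmatrix}^\top x(0) \tag{26}$$

for some $x(0) \in \mathbb{R}^n$. Since $\psi(\tilde{Y}(l)) = \text{No Attack}$, we have

$$\tilde{Y}(l) = \mathcal{O}_{l-1}x'(0), \tag{27}$$

for some $x'(0) \in \mathbb{R}^n$. From equation (26), we have

$$\begin{bmatrix} y(1)^\top & \cdots & y(l-1)^\top \end{bmatrix}^\top = \mathcal{O}_{l-2}Ax(0), \tag{28}$$

and from equation (27), we have

$$\begin{bmatrix} y(1)^\top & \cdots & y(l-1)^\top \end{bmatrix}^\top = \mathcal{O}_{l-2}x'(0). \tag{29}$$

The pair $(A, C)$ is observable and $l > n + 1$, so the matrix $\mathcal{O}_{l-2}$ is injective. Thus, combining equations (28) and (29), we have $x'(0) = Ax(0)$. By definition of $\tilde{Y}(l)$ and substituting $x'(0) = Ax(0)$ into equation (27), we have that $y(l) = CA^{l}x(0)$. Note that $Y(l) = \begin{bmatrix} Y(l-1)^\top & y(l)^\top \end{bmatrix}^\top$. Thus, $Y(l) = \mathcal{O}_l x(0)$ and $y_\Omega = \Omega x(0)$ for some $x(0) \in \mathbb{R}^n$.

Induction Step: In the induction step, we assume that if

$$\psi(\tilde{Y}(l-1)) = \cdots = \psi(\tilde{Y}(T-1)) = \text{No Attack},$$

then $Y(T-1) = \mathcal{O}_{T-1}x(0)$ and $y_\Omega = \Omega x(0)$ for some $x(0) \in \mathbb{R}^n$. We show that if $\psi(\tilde{Y}(T)) = \text{No Attack}$ as well, then $Y(T) = \mathcal{O}_T x(0)$ and $y_\Omega = \Omega x(0)$ for some $x(0) \in \mathbb{R}^n$.

Since $\psi(\tilde{Y}(T)) = \text{No Attack}$, we have

$$\tilde{Y}(T) = \mathcal{O}_{l-1}x'(0), \tag{30}$$

for some $x'(0) \in \mathbb{R}^n$. From the induction hypothesis, we have that $Y(T-1) = \mathcal{O}_{T-1}x(0)$, which means that

$$\begin{bmatrix} y(T-l+1)^\top & \cdots & y(T-1)^\top \end{bmatrix}^\top = \mathcal{O}_{l-2}A^{T-l+1}x(0). \tag{31}$$

From equation (30), we have

$$\begin{bmatrix} y(T-l+1)^\top & \cdots & y(T-1)^\top \end{bmatrix}^\top = \mathcal{O}_{l-2}x'(0). \tag{32}$$

The pair $(A, C)$ is observable and $l > n + 1$, so the matrix $\mathcal{O}_{l-2}$ is injective. As a result, $x'(0) = A^{T-l+1}x(0)$. Substituting $x'(0) = A^{T-l+1}x(0)$ into equation (30), we have $y(T) = CA^{T}x(0)$. Note that $Y(T) = \begin{bmatrix} Y(T-1)^\top & y(T)^\top \end{bmatrix}^\top$. Thus, $Y(T) = \mathcal{O}_T x(0)$ and $y_\Omega = \Omega x(0)$ for some $x(0) \in \mathbb{R}^n$. ■
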


V. Numerical Example 


We illustrate our results with an example of a remotely piloted aircraft subject to both nonzero state inducing attacks and zero state inducing attacks. Reference [22] provides a numerical model of the longitudinal dynamics of a remotely piloted aircraft that accounts for the aircraft’s physical parameters. We describe the longitudinal dynamics of the aircraft using four state variables: horizontal velocity ($x_1$), vertical velocity ($x_2$), pitch rate ($x_3$), and pitch angle ($x_4$). The aircraft we consider has two actuators: the elevator ($u_1$) and the thrust ($u_2$). The aircraft also has three sensors: the horizontal velocity sensor ($y_1$), the vertical velocity sensor ($y_2$), and the pitch angle sensor ($y_3$).

The evolution of the state variables $x_1, \ldots, x_4$ is determined by physical principles governing the longitudinal flight of the aircraft and depends on physical parameters of the aircraft such as its mass and its pitch moment. The model is linearized about an equilibrium point, so the state variables $x_1, \ldots, x_4$ represent values of the internal states relative to a fixed point (e.g., $x_1$ in the linearized model is the horizontal velocity of the aircraft relative to an equilibrium horizontal velocity). The linearized, discretized model for the aircraft gives the following dynamics and sensing matrices iH:

$$A = \begin{bmatrix} 0.992 & 0.030 & -0.003 & -0.977 \\ 0.025 & 0.684 & 1.847 & -0.041 \\ 0.054 & -0.100 & 0.381 & -0.025 \\ 0.003 & -0.006 & 0.068 & 0.999 \end{bmatrix}, \tag{33}$$

$$C = \begin{bmatrix} 1 & 0 & 0 & 0 \\ 0 & 1 & 0 & 0 \\ 0 & 0 & 0 & 1 \end{bmatrix}. \tag{34}$$

The pair $(A, C)$ in this example is observable.

We consider an attacker modeled by the following $B$ and $D$ matrices:

$$B = \begin{bmatrix} 0.001 & 0.025 & 0 & 0 \\ -3.224 & -0.035 & 0 & 0 \\ -1.995 & -0.021 & 0 & 0 \\ -0.115 & -0.001 & 0 & 0 \end{bmatrix}, \tag{35}$$

$$D = \begin{bmatrix} 0 & 0 & 1 & 0 \\ 0 & 0 & 0 & 1 \\ 0 & 0 & 0 & 0 \end{bmatrix}. \tag{36}$$

The attacker can attack both actuators (elevator, $u_1$, and thrust, $u_2$) and the horizontal velocity ($y_1$) and vertical velocity ($y_2$) sensors. There exists a zero dynamics attack against the system $\Sigma = (A, B, C, D)$.

In this numerical example, we compare the performance of a detector that does not use side information (i.e., the detector’s side information matrix is $\Omega = 0$) and the performance of a detector that uses side information matrix

$$\Omega = \begin{bmatrix} 1 & 0 & 0 & 0 \end{bmatrix}.$$

The detector with nontrivial side information knows the initial horizontal velocity $x_1(0)$. Both detectors are implementations of the windowed detector presented in Section III-D; the only difference between them is the use of side initial state information.

We construct a zero dynamics attack (as defined in (12) and (13)) against the remotely piloted aircraft. Following equation (12), we construct the zero dynamics attack component wise as

$$a(k) = (10)(0.9779)^k \begin{bmatrix} 0.0324 & 0 & -0.6396 & 0.3007 \end{bmatrix}^\top, \tag{37}$$

where $k = 0, \ldots, 30$. The performance of the two detectors is shown in Figure 2. The detector without side information is unable to detect the zero dynamics attack - the detector outputs 0, equivalent to “No Attack” for all times. The detector with side information is able to detect the zero dynamics attack - the detector has an output of 1, equivalent to “Attack” at time $t = 3$.

[Figure 2, two panels plotted against Time: “Detector Output Without Side Information” and “Detector Output With Side Information”.]

Fig. 2: Detector performance without side information (top) and with side information (bottom) against zero dynamics attack.

VI. Conclusion 

In this paper, we studied the effect of side initial state information on the dynamic detection of data deception attacks against cyber-physical systems. First, an undetectable attack induces a state in the intersection of the system’s weakly unobservable subspace, $\mathcal{V}(\Sigma)$, and the null space of the side information matrix, $\mathcal{N}(\Omega)$. Second, an undetectable attack $E(T)$ has an undetectable extension to any $T' > T$ if and only if the sum of the change in state produced by the attack, $\mathcal{C}_T E(T)$, and the zero-input state response of the state induced by the attack, $A^{T+1}\theta$, belongs to the system’s weakly unobservable subspace, $\mathcal{V}(\Sigma)$. Third, there exists an arbitrarily long zero state inducing attack if and only if the intersection of the system’s weakly unobservable subspace, $\mathcal{V}(\Sigma)$, and the system’s output-nulling reachable subspace over one step, $\mathcal{W}_1$, is nonzero. Finally, we designed an attack detector that uses side information and detects all attacks that are not undetectable.